The internet is becoming more hazardous to daily users, even those who take care to avoid the sort of websites typically associated with malware infections. In fact, malware infections are now considerably more likely to occur by visiting a compromised legitimate website than by opening a web page created to deliver malware, according to the MessageLabs Intelligence 2010 Annual Security Report. Last year, MessageLabs found 42,926 domains spreading malicious software, most of which were legitimate sites.

Commtouch’s Q4 2010 Internet Threats Trend Report outlines the types of sites most often compromised with malware. Pornographic sites are the perennial leader in this respect, followed by parked domains, computers and technology sites, business sites, and then education sites. The report also identifies the sites most often compromised with phishing ploys recently. The leading threat in this respect is gaming sites, with shopping sites, health and medicine sites, computer and technology sites, and business sites rounding out the top five.

Malware spread among peer-to-peer (P2P) websites that facilitate content and file sharing is a leading threat heading into 2011. In the second half of 2010, 3.2 million malware attacks were launched each month from P2P platforms, notes the Outcomes for 2010 and Predictions for 2011 report issued by Kaspersky Lab. The types of web-based threats spreading via P2P networks are practically all-encompassing; file viruses, a variety of worms, SMS fraud programs, backdoors, and Rogue AV software are all being seen in this context.

We’re also currently seeing a spike in ploys to get internet users to unwittingly download malicious software of their own volition. This has prompted cyber-criminals to further employ blackhat SEO techniques, disruptive ads, and unwanted re-directs to bring traffic to sites of infection.

The Koobface malware, whose name is a play on “Facebook,” is a current notable example of threats that trick users into downloading the infection. Commonly, victims received a message from friends on Facebook alerting them to a video posted on Blogger in which they were shown. Anxious to see themselves, users would follow the link to Blogger, unaware the message was inauthentic and originating from a friend’s hacked Facebook account. To see the video, the victim was prompted to download a necessary plug-in, which contained the Koobface malware.

One particularly alarming new threat, especially to industrial companies, is malware like the recent Stuxnet worm. Malware like this example has been targeting programmable logic controllers (PLCs), which are computers that operate the automated functions of electromechanical processes. The Stuxnet worm is the most significant web-based attempt at industrial sabotage we’ve seen, and the implications are quite dire, even posing very real threats to worker safety.

Also disturbing is the breakdown in 2010 of the guarantees associated with digital signatures and digital certificates, notes the Kaspersky Lab report. The former attest to the legitimacy of a message and its sender, while the latter establish the credentials of parties involved in web-based transactions. Currently, cyber-criminals are demonstrating the ability to create or obtain (legally or illegally) these online assets. The uses are varied and dangerous, compromising online transactions and facilitating fraud, as well as providing ways to fool and bypass the security measures in place on web-based applications.

The Kaspersky Lab report also identifies a key threat to watch for now, which it dubs Spyware 2.0. More sophisticated malware is already being employed with the one goal of illegally obtaining any and every piece of information possible, and this threat promises to increase in the foreseeable future. This new class of spyware indiscriminately steals all private information it gains access to, be it user names and passwords, financial data, contact lists, proprietary secrets, or anything else. Of course, the uses for this information vary, but all of it can be used for a cyber-criminal’s financial gain. The consequences of such malware infections can be ruinous for an individual or a company, with the latter possibly being exposed to major public relations nightmares and legal action.

The current climate of web-based threats is certainly not a pleasant one. And from the looks of things, it will continue to get worse before it gets better. One disturbingly clear fact is that we can no longer rely solely on our common sense to avoid malware and other online threats, as they are now lurking on legitimate sites across the web. This underscores the need for up-to-date information and for advanced, state-of-the-art malware protection.

Malware threats, a leading concern in the internet security industry, are on the rise. To make matters worse, the types of malware infecting home and business computers are evolving, as are the methods by which they are transmitted. According to web security company Kaspersky Lab, the count of recorded malware incidents hit a new record at 1.5 billion in 2010. About one-third of these occurred via browser attacks, while others came through email spam, network attacks, and software vulnerabilities.

Peer-to-peer networks have become a notable source of malware transmission. In fact, Kaspersky Lab identifies them as the second-most common source of malware infections, following only browser attacks. The threats coming from this arena are diverse and include Trojans and file viruses, worms, rogue AVs, and backdoors. Internet security firm Cisco recently pointed out that malware attacks on the three leading P2P networks, eDonkey, BitTorrent, and Gnutella, were increasing significantly.

Kaspersky Lab realized the P2P malware threats were becoming an epidemic when recorded incidents hit 2.5 million in March of 2010. By year’s end, the number of monthly attacks reached 3.2 million. It’s worth noting, however, that these numbers aren’t inclusive of Trojans and file viruses, putting the estimate for the actual number of P2P-based malware incidents up to 10 million per month. Kaspersky Lab points to Internet Explorer as particularly vulnerable, as well as programs that operate in conjunction with browsers, such as Adobe Reader and Flash Player.

As for the number one source of malware threats today–attacks via internet browsers–Kaspersky Lab recorded more than 580 million incidents in 2010. This was an astonishing leap from 2009 numbers, when there were 73.6 million such attacks. Considering there were only 23.6 million malware attacks via browsers in 2007, an alarming trend has certainly been established.

Moreover, spammers and scammers are currently making ample use of social networking sites, particularly Facebook and Twitter, and fraudulent partner programs to spread a variety of malware threats. Notorious botnets, including Koobface, Bredolab, ZeuS, Mariposa, Sinowal, TDSS, and Black Energy 2.0, launched malware attack after attack, spreading worms to millions of computers each time. Some of these botnets were the first to infect 64-bit platforms with malware. This was often accomplished by taking advantage of zero-day vulnerabilities, or weaknesses in new software that have not yet been discovered by programmers.

While these are some of the more noteworthy malware threats in the internet security landscape today, cyber criminals and spammers are constantly finding new avenues to infect computers across the globe. The rising trend in spreading malware to cell phones and PDAs is also alarming. Androids and iPhones have proven vulnerable to malware and spyware infections lately. The ever-changing nature of malware threats, combined with the perpetually increasing ways in which they can be propagated, necessitates the most current virus protection and spam filtering.

It’s common practice for spammers and cybercriminals to incorporate major current event headlines into the subjects and bodies of their unsolicited bulk email messages. The tactic appeals to the recipient’s curiosity and desire to remain informed about the latest happenings around the world. Often, spam attempts to lure people to websites selling software or other goods, or to trick them into downloading malicious files by pretending to offer insider access to information otherwise not available.

In May 2011, spammers sought to capitalize on the death of the world’s most wanted terrorist, Osama bin Laden. Spam emails promised the notoriously top-secret photos of bin Laden’s corpse immediately following his killing by SEAL Team 6. Other spam messages claimed they took the recipient to photo or video tours of the mansion bin Laden had been hiding out in, or to high-resolution Google Earth images of the compound.

Of course, none of these were legitimate. Many redirected to retail websites, while others installed malware on the victim’s computer when they attempted to run attachments to see images or videos.

Even the all-too-familiar Nigerian scammers tried to cash in on bin Laden’s death. Spam messages warned recipients that because of some curious large sum of money they’re owed, but have not claimed, they were flagged as possible terrorists. The spam goes on to assure the recipients that they can clear up any misunderstanding by sending certain personal information, and that they can then claim the large sum of money once everything is resolved.

Aside from bin Laden-related spam, malware was widely spread by other common spam tactics as well. Malicious files were identified in 4.10 percent of all global email traffic in May, notes the month’s internet security report from Kaspersky Lab. This represents a 0.45 percent hike over April.

In May, Trojan-Spy.HTML.Fraud.gen was the most widely emailed malicious program, accounting for almost 11 percent of all spam email malware. Email-Worm.Win32.Mydoom.m was the second most emailed malicious program for the month, found in 6.90 percent of all spam containing malware. In third place was Trojan.HTML.Fraud.fc, a newcomer to the malware top 10 list back in April.

Russia surpassed the United States in May as the country most targeted by spam email containing malware. The U.S. led previously, but fell to second place for the month with 10.79 percent of spam with malware being sent there. Russia received 14.45 percent of all malware-containing spam email in May. The Vietnamese were the third most targeted, receiving 8.11 percent of spam malware traffic. Great Britain and India rounded out the top five, getting 5.91 and 5.21 percent of spam with malicious files, respectively.

Remember that unsolicited email touting special insider information about hot news items is undoubtedly spam, and that the links and files contained therein can pose serious threats to your computer’s security. Get your news online from trusted sources, and subscribe to their blogs or RSS feeds to stay informed of the latest happenings.

More generally, any links and attachments contained in unsolicited email messages can jeopardize your private information and your computer’s security, disrupt its functions, and hijack your system for use in spamming botnets. Refrain from following such links and from opening files attached to unknown email. Even files sent from people you know can be fraudulent or compromised, so employ an up-to-date spam and antivirus filter, and always confirm with the sender that the files are legitimate if they seem at all out-of-character.

While spam is widely regarded as mostly a nuisance, the malicious ways in which it is employed are continually expanding and evolving. A growing concern among email security companies is the inclusion of malware in spam email messages. In 2010, 2.2 percent of all email contained a malicious attachment, on average, as reported by web security company Kaspersky Lab. Although this number may not sound particularly menacing, consider that it was at only 0.85 percent the previous year. The inclusion of malicious files in spam peaked in August, hitting 6.3 percent of all email for the month.

Malware is being delivered via spam email to unsuspecting people in two basic ways: either it’s included in an attachment and installed when the recipient opens the attachment, or the recipient follows a link in the body of the email that takes them to a location from which they inadvertently download the malicious files. The latter is often accomplished by spammers who send email that resembles legitimate correspondence from trustworthy senders.

By far the most common malicious file sent out via spam email messages in 2010, accounting for 11.19 percent of all such files, was Trojan-Spy.HTML.Fraud.gen. Its primary purpose was to acquire recipients’ personal data. The second most common was Trojan-Downloader.JS.Pegel.g, which had an HTML attachment containing a Trojan and a redirect to a malicious web page. It accounted for 2.96 percent of the year’s malicious programs distributed by way of spam email messages.

Other top 10 malware in this category for 2010, in order of prevalence, included the ominous-sounding Email-Worm.Win32.MyDoom.m, Trojan.Win32.Pakes.Krap.an, Trojan.Win32.Pakes.Krap.x, Worm.Win32.Mabezat.b, Email-Worm.Win32.NetSky.q, Trojan-Downloader.Win32.Agent.dlhe, Trojan.Win32.Pakes.Katusha.o, and Trojan-Downloader.Win32.FraudLoad.hbf.

The entries containing “Krap,” no pun intended, were primarily used to propagate the notorious Zbot/Zeus Trojan horse file, as well as malware called FraudTools and Iksmas. Others also spread these and similar malicious files and a variety of others, including the fake antivirus programs known as Rogue AVs.

More than 15 percent of 2010’s malware delivered in spam email messages was based on zero-day vulnerabilities. These are security flaws in new programs that have yet to be discovered and remedied by programmers. Malware attached to spam email messages targeted users in the United States more than anywhere else, followed fairly closely by users in Germany, Great Britain, and Japan. Spain, Taiwan, India, France, Italy, and Vietnam make up the rest of the top 10 list of countries targeted by email-based malware attacks.

The inclusion of malicious files in spam email is on the rise. Industry experts are confident that this upward trend will continue through 2011 and in subsequent years. Increasingly, spam is transitioning from an annoyance and a drain on time and resources to a serious threat to the unsuspecting and unprotected.

Email users should only open expected attachments from known senders. Don’t follow links in unsolicited email, either; there’s a good chance they won’t take you where you think they’ll take you. When you need to follow up on an email, close the message and go directly to the relevant site by typing the URL into your browser’s address bar. And of course, the safest route is to use leading anti-spam filtering technology and virus protection.

In 2010, internet security firm Kaspersky Lab recorded 580.3 million browser-based malware attacks. As malware threats continue to rise, attacks made via vulnerabilities in web browsers and the programs that run with them, such as PDF readers and media players, are the leading avenue of infection. Approximately one in three malware attacks are committed in this manner.

Of these 580 million malware assaults, 90 percent originated from only 20 countries. More than one-quarter of them–137,487,939, to be exact–came from the United States, cites Kaspersky Lab. Russia accounted for just over 15 percent, sending 80 million malware attacks, and China, accounting for more than 13 percent, followed closely with 69.2 million attacks.

The Netherlands and Germany complete the top five countries responsible for browser-based malware attacks, accounting for 35.2 and 31.5 million, respectively. Spain, Ukraine, the United Kingdom, Sweden, and Latvia finish out the top 10, originating 84.4 million threats between them. France took the eleventh position with 9 million attacks, followed by Canada, the Virgin Islands, Poland, Moldova, the Philippines, Turkey, Vietnam, and Hong Kong. Lastly, Australia was the twentieth most common source of browser-based malware attacks, accounting for 1.9 million, or 0.36 percent, in 2010.

There is not necessarily as much correlation between the top 20 countries that originate browser-based malware threats and those that are victimized by them as you might expect. The top three, however, are the same on both lists, though ordered a bit differently. Of the 580.3 million such incidents, 82 percent were targeted at only 20 different nations, reports Kaspersky Lab.

China was the most victimized country, receiving a little more than 19 percent of all browser-based malware attacks. Russia comes in second place on this list as well, having been targeted by 17.5 percent of the attacks in 2010. The United States came in third, receiving 10.5 percent of these types of malware threats.

Computers in India were the fourth most commonly targeted, while those in Germany were fifth most likely to receive malware transmissions. Between them, they accounted for 8.7 percent of attacks. In descending order, Ukraine, Vietnam, the United Kingdom, France, and Italy complete the top 10 list. The countries on the latter half of the top 20 list received only 14.5 percent of all browser-based malware attacks collectively. They were Spain, Saudi Arabia, Malaysia, Turkey, Brazil, Mexico, Canada, Thailand, Poland, and Egypt.

These lists indicate just how global the various cybercrimes involving malware propagation have become. While we in the United States are often led to believe there is relatively little threat to our personal and professional computers and networks, and that the cybercriminals responsible for malware threats are located far from our own turf, this is clearly not the case. With the United States topping both the list of countries most commonly initiating malware attacks and the list of countries most victimized by them, we must prioritize protecting our computers from the numerous types of browser-based malware threats.